From b297996b9252b02e56e9425f55f6becbf6bb7832 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 14 Dec 2023 00:44:58 +0000 Subject: [PATCH] Add runtime checking of golang version Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version Signed-off-by: Brad Davidson --- Dockerfile.test | 2 +- pkg/cli/agent/agent.go | 3 +++ pkg/cli/cmds/golang.go | 27 +++++++++++++++++++++++++++ pkg/cli/server/server.go | 2 ++ pkg/version/version.go | 2 ++ scripts/build | 1 + scripts/validate | 6 ++---- scripts/version.sh | 5 ++++- 8 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 pkg/cli/cmds/golang.go diff --git a/Dockerfile.test b/Dockerfile.test index 273da295a9..bd6f3fd8df 100644 --- a/Dockerfile.test +++ b/Dockerfile.test @@ -14,7 +14,7 @@ ENTRYPOINT ["/bin/test-mods"] FROM test-base as test-k3s -RUN apk -U --no-cache add git gcc musl-dev docker curl coreutils python3 openssl py3-pip procps findutils +RUN apk -U --no-cache add git gcc musl-dev docker curl coreutils python3 openssl py3-pip procps findutils yq RUN python3 -m pip install awscli diff --git a/pkg/cli/agent/agent.go b/pkg/cli/agent/agent.go index cac180fd39..1ecaab9725 100644 --- a/pkg/cli/agent/agent.go +++ b/pkg/cli/agent/agent.go @@ -20,6 +20,9 @@ import ( ) func Run(ctx *cli.Context) error { + // Validate build env + cmds.MustValidateGolang() + // hide process arguments from ps output, since they may contain // database credentials or other secrets. gspt.SetProcTitle(os.Args[0] + " agent") diff --git a/pkg/cli/cmds/golang.go b/pkg/cli/cmds/golang.go new file mode 100644 index 0000000000..1860b3e630 --- /dev/null +++ b/pkg/cli/cmds/golang.go @@ -0,0 +1,27 @@ +package cmds + +import ( + "fmt" + "runtime" + "strings" + + "github.com/k3s-io/k3s/pkg/version" + "github.com/sirupsen/logrus" +) + +func ValidateGolang() error { + k8sVersion, _, _ := strings.Cut(version.Version, "+") + if version.UpstreamGolang == "" { + return fmt.Errorf("kubernetes golang build version not set - see 'golang: upstream version' in https://github.com/kubernetes/kubernetes/blob/%s/build/dependencies.yaml", k8sVersion) + } + if v, _, _ := strings.Cut(runtime.Version(), " "); version.UpstreamGolang != v { + return fmt.Errorf("incorrect golang build version - kubernetes %s should be built with %s, runtime version is %s", k8sVersion, version.UpstreamGolang, v) + } + return nil +} + +func MustValidateGolang() { + if err := ValidateGolang(); err != nil { + logrus.Fatalf("Failed to validate golang version: %v", err) + } +} diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 986f64ad0a..dae82c4140 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -49,6 +49,8 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont var ( err error ) + // Validate build env + cmds.MustValidateGolang() // hide process arguments from ps output, since they may contain // database credentials or other secrets. diff --git a/pkg/version/version.go b/pkg/version/version.go index 67f39d0514..9beda47877 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -7,4 +7,6 @@ var ( ProgramUpper = strings.ToUpper(Program) Version = "dev" GitCommit = "HEAD" + + UpstreamGolang = "" ) diff --git a/scripts/build b/scripts/build index aab4abe917..2a6390295f 100755 --- a/scripts/build +++ b/scripts/build @@ -22,6 +22,7 @@ buildDate=$(date -u '+%Y-%m-%dT%H:%M:%SZ') VERSIONFLAGS=" -X ${PKG}/pkg/version.Version=${VERSION} -X ${PKG}/pkg/version.GitCommit=${COMMIT:0:8} + -X ${PKG}/pkg/version.UpstreamGolang=${VERSION_GOLANG} -X ${PKG_K8S_CLIENT}/version.gitVersion=${VERSION} -X ${PKG_K8S_CLIENT}/version.gitCommit=${COMMIT} diff --git a/scripts/validate b/scripts/validate index a894a505e8..de33f5f529 100755 --- a/scripts/validate +++ b/scripts/validate @@ -29,10 +29,8 @@ if [ -n "$DIRTY" ]; then fi echo Running: go version -DEPENDENCIES_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/${VERSION_K8S}/build/dependencies.yaml" -GOLANG_VERSION=$(curl -sL "${DEPENDENCIES_URL}" | yq e '.dependencies[] | select(.name == "golang: upstream version").version' -) -if ! go version | grep -s "go version go${GOLANG_VERSION} "; then - echo "Unexpected $(go version) - Kubernetes ${VERSION_K8S} should be built with go version go${GOLANG_VERSION}" +if ! go version | grep -s "go version ${VERSION_GOLANG} "; then + echo "Unexpected $(go version) - Kubernetes ${VERSION_K8S} should be built with go version ${VERSION_GOLANG}" exit 1 fi diff --git a/scripts/version.sh b/scripts/version.sh index 9fbaf3cd93..f7bc93fef8 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -77,6 +77,9 @@ fi VERSION_ROOT="v0.12.2" +DEPENDENCIES_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/${VERSION_K8S}/build/dependencies.yaml" +VERSION_GOLANG="go"$(curl -sL "${DEPENDENCIES_URL}" | yq e '.dependencies[] | select(.name == "golang: upstream version").version' -) + if [[ -n "$GIT_TAG" ]]; then if [[ ! "$GIT_TAG" =~ ^"$VERSION_K8S"[+-] ]]; then echo "Tagged version '$GIT_TAG' does not match expected version '$VERSION_K8S[+-]*'" >&2 @@ -91,4 +94,4 @@ VERSION_TAG="$(sed -e 's/+/-/g' <<< "$VERSION")" BINARY_POSTFIX= if [ ${OS} = windows ]; then BINARY_POSTFIX=.exe -fi \ No newline at end of file +fi